The leak by Edward Snowden of stolen intelligence material in June 2013 led to allegations regarding the UK Agencies’ use of intrusive capabilities – in particular those relating to GCHQ’s interception of internet communications. This Committee investigated the most serious of those allegations – that GCHQ were circumventing UK law – in July 2013. We concluded that that allegation was unfounded. However, we considered that a more in-depth Inquiry into the full range of the Agencies’ intrusive capabilities was required – not just in terms of how they are used and the scale of that use, but also the degree to which they intrude on privacy and the extent to which existing legislation adequately defines and constrains these capabilities.
The disclosure of controversial mass surveillance programmes by intelligence and national security agencies has evoked an international debate on the right of citizens to be protected from illegitimate or warrantless collection and analysis of their data and meta-data. This report aims at identifying what are the risks of data breaches for users of publicly available Internet services such as web browsing, email, social networks, cloud computing, or voice communications, via personal computers or mobile devices, and what are the possible impacts for the citizens and the European Information Society. In this context a clear distinction has to be made between data and meta-data. Also it must be differentiated between mass unwarranted and indiscriminate interception, and targeted lawful interception of Internet and telephony data for the purpose of law enforcement and crime investigation. While targeted lawful interception constitutes a necessary and legitimate instrument of intelligence and law enforcement agencies, mass surveillance is considered a threat to civil liberties such as the right to freedom of opinion and expression. These civil liberties are essential human rights in democratic societies and of particular importance for safeguarding independent journalism and political opposition.
A collection of hundreds of emails from the City of Oakland relating to the construction of the City/Port of Oakland Joint Domain Awareness Center. The files were obtained through a public records request made by members of Occupy Oakland. The emails range in date from September 2013 to December 2013.
Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program. There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.
In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of surveillance practices at stake, which represent a reconfiguration of traditional intelligence gathering, the study contends that an analysis of European surveillance programmes cannot be reduced to a question of balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The study argues that these surveillance programmes do not stand outside the realm of EU intervention but can be engaged from an EU law perspective via (i) an understanding of national security in a democratic rule of law framework where fundamental human rights standards and judicial oversight constitute key standards; (ii) the risks presented to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners, and (iii) the potential spillover into the activities and responsibilities of EU agencies. The study then presents a set of policy recommendations to the European Parliament.
A draft order from the Russian Ministry of Communications written in coordination with the FSB that, if implemented, will require Russian internet service providers to retain all internet traffic and provide the FSB with access for 12 hours after the data is collected, including stored data, phone numbers, IP addresses, account names, social network activity and e-mail addresses. The proposed rule changes have concerned Russian telecommunications providers who say that the requirements violate the Russian constitution.
Two presentations from the Gamma Group describe the company’s FinFisher and 3G-GSM tactical interception and target location surveillance products. The presentations were anonymously posted online and are reportedly from 2011 discussions between Gamma and the German State Criminal Police Offices (Landeskriminalamts).
This white paper explains the Government’s legal basis for an intelligence collection program under which the Federal Bureau of Investigation (FBI) obtains court orders directing certain telecommunications service providers to produce telephony metadata in bulk. The bulk metadata is stored, queried and analyzed by the National Security Agency (NSA) for counterterrorism purposes. The Foreign Intelligence Surveillance Court (“the FISC” or “the Court”) authorizes this program under the “business records” provision of the Foreign Intelligence Surveillance Act (FISA), 50 U.S.C. § 1861, enacted as section 215 of the USA PATRIOT Act (Section 215). The Court first authorized the program in 2006, and it has since been renewed thirty-four times under orders issued by fourteen different FISC judges. This paper explains why the telephony metadata collection program, subject to the restrictions imposed by the Court, is consistent with the Constitution and the standards set forth by Congress in Section 215. Because aspects of this program remain classified, there are limits to what can be said publicly about the facts underlying its legal authorization. This paper is an effort to provide as much information as possible to the public concerning the legal authority for this program, consistent with the need to protect national security, including intelligence sources and methods. While this paper summarizes the legal basis for the program, it is not intended to be an exhaustive analysis of the program or the legal arguments or authorities in support of it.
Department of Defense, Department of Homeland Security, Department of Justice, Federal Bureau of Investigation
A collection of Network Security Agreements (NSAs) entered into with foreign communications infrastructure providers ensuring U.S. government agencies the ability to access communications data when legally requested. The agreements range in date from 1999 to 2011 and involve a rotating group of government agencies including the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Justice (DoJ), Department of Defense (DoD) and sometimes the Department of the Treasury. According to the Washington Post, the agreements require companies to maintain what amounts to an “internal corporate cell of American citizens with government clearances” ensuring that “when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely.”
This study evaluates the oversight of national security and intelligence agencies by parliaments and specialised non-parliamentary oversight bodies, with a view to identifying good practices that can inform the European Parliament’s approach to strengthening the oversight of Europol, Eurojust, Frontex and, to a lesser extent, Sitcen. The study puts forward a series of detailed recommendations (including in the field of access to classified information) that are formulated on the basis of in-depth assessments of: (1) the current functions and powers of these four bodies; (2) existing arrangements for the oversight of these bodies by the European Parliament, the Joint Supervisory Bodies and national parliaments; and (3) the legal and institutional frameworks for parliamentary and specialised oversight of security and intelligence agencies in EU Member States and other major democracies.
The present report analyses the implications of States’ surveillance of communications for the exercise of the human rights to privacy and to freedom of opinion and expression. While considering the impact of significant technological advances in communications, the report underlines the urgent need to further study new modalities of surveillance and to revise national laws regulating these practices in line with human rights standards.
Technical specifications released by the Qatari Ministry of Interior for CCTV surveillance cameras that are required in all the mentioned categories of businesses operating in Qatar including hotels, apartments, banks, shopping centers, hospitals and warehouses.
Harris Corporation’s standard terms and conditions for the sale of their wireless surveillance products including the AmberJack, StingRay, StingRay II, Harpoon and KingFish products. The terms and conditions document was included in a contract signed with Tempe, Arizona on October 8, 2012 for $60,321.15 worth of surveillance software, equipment and training.
The Subcommittee investigation found that DHS-assigned detailees to the fusion centers forwarded “intelligence” of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism. Congress directed the Department of Homeland Security (DHS) to lead this initiative. A bipartisan investigation by the Permanent Subcommittee on Investigations has found, however, that DHS’ work with those state and local fusion centers has not produced useful intelligence to support federal counterterrorism efforts.
A document produced by the Department of Health and Human Services as part of their “Now Trending Challenge” to develop applications for monitoring disease outbreaks via Twitter. The document contains lists of various terms that are associated with a number of diseases from the common cold to diphtheria.
This Statement of Work (SOW) involves purchasing and installing a Lawful Intercept (LI) capability for the Government of Iraq (GOI). The capability shall include: providing installation, system engineering, system administration, terminal operations support, and mentoring/training Iraqi system operators. The solution should include a disaster recovery feature/configuration that would replicate (backup) the server and database storage at a physically separate facility. LI will provide the GOI a powerful communications intelligence tool to assist in combating criminal organizations and insurgencies by supporting evidence-based prosecutions, warrant-based targeting, and intelligence-based operations.
This document contains detailed recommendations on how to implement the best practices identified in the Clean IT project. It will be developed further in the months ahead. After the end of the Clean IT project it will only be shared with organizations that have committed to implementing the best practices. It will be developed further with these organizations participating in the Clean IT permanent public-private dialogue platform.
‘Going Dark’ is a Law Enforcement (LE) initiative to address the gap between the legal authority and practical ability of LE to conduct lawfully-authorized electronic surveillance. Problems highlighted by the Going Dark initiative include LE’s difficulty in receiving information from some technology companies, and criminal’s use of advanced technologies and techniques that can complicate carrying out of lawfully-authorized court orders to conduct electronic surveillance.
Last month, Cryptome quietly posted a 2007 draft of the Federal Bureau of Investigation’s vision statement for the Domestic Communications Assistance Center (DCAC). The document, which has received no media attention, offers the most in depth view yet of the DCAC and its functions. In May, CNET correspondent Declan McCullagh disclosed the existence of the DCAC, which he described as having a mandate “covering everything from trying to intercept and decode Skype conversations to building custom wiretap hardware or analyzing the gigabytes of data that a wireless provider or social network might turn over in response to a court order.” The vision statement obtained by Cryptome describes the general functions and organization of the DCAC as well as the FBI’s national electronic surveillance (ELSUR) strategy.
With internet traffic growing exponentially, attacks on government and commercial computers by cyber terrorists and rogue states have escalated. Those wishing harm have espionage programs targeting the data systems used by the United States and allies. Drug traffickers and weapons dealers use the internet with encrypted communications. To counter these activities, the National Security Agency, an agency of the U.S. government, is building a fortified data center deep inside a mountain in Utah. This complex will house the world’s most sophisticated supercomputers dedicated to code breaking and data traffic analysis. Another site will eventually take delivery of the latest Cray supercomputer called Cascade to support the NSA’s need to crack codes faster to protect the nation and its allies.
Security guards at large facilities, such as airports, monitor multiple screens that display images from individual surveillance cameras dispersed throughout the facility. If a guard zooms with a particular camera, he may lose image resolution, along with perspective on the surrounding area. Embodiments of the inventive Imaging System for Immersive Surveillance (ISIS) solve these problems by combining multiple cameras in one device. When properly mounted, example ISIS systems offer up to 360-degree, 240-megapixel views on a single screen. (Other fields of view and resolutions are also possible.) Image-stitching software merges multiple video feeds into one scene. The system also allows operators to tag and follow targets, and can monitor restricted areas and sound an alert when intruders breach them.
A number of hacked emails from the private intelligence firm Stratfor have shed light on a global suspicious activity surveillance system called TrapWire, that is reportedly in use in locations around the world from the London Stock Exchange to the White House. The emails, which were released yesterday by WikiLeaks, provide information on the extent and operations of a system designed to correlate suspicious activity reports and other evidence that may indicate surveillance connected with a potential terrorist attack.